Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 237
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ...
CVE-2018-19583
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
CVE-2018-19583
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4 ...
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affe ...
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, ...
CVE-2018-19580
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.
CVE-2018-19580
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not sen ...
CVE-2018-19579
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2018-19584 GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ... | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
 | CVE-2018-19583 GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19583 GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4 ... | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19582 GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | CVSS3: 4.3 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19582 GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affe ... | CVSS3: 4.3 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19581 GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19581 GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, ... | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19580 All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19580 All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not sen ... | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
| CVE-2018-19579 GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. | CVSS3: 5.4 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу